Static task
static1
Behavioral task
behavioral1
Sample
c5c8c8a731d66bf756fa078c9576ab494b701af55bbe8e311a1f9c7606ef451d.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
c5c8c8a731d66bf756fa078c9576ab494b701af55bbe8e311a1f9c7606ef451d.exe
Resource
win10v2004-20220812-en
General
-
Target
c5c8c8a731d66bf756fa078c9576ab494b701af55bbe8e311a1f9c7606ef451d
-
Size
2.9MB
-
MD5
18a45679bd2c33fb662c4eae78824b01
-
SHA1
dd5cda2fdeeb7fe7ce9b18d978213e983091bc93
-
SHA256
c5c8c8a731d66bf756fa078c9576ab494b701af55bbe8e311a1f9c7606ef451d
-
SHA512
bf63b5a7293c2a2b0284ef960e5efdf24580d52d05fb5f6f8079ee7014b530060b0f4e4146b32762d5ac69e239822240349e9e9b1c0624c96c9f806c59c9704f
-
SSDEEP
24576:RCVc7xGmjrPO3HpFXpDZ9XBqhPDgsLSWHljPS/cioj:RCq7xjwJFdZ9XBkPDgsLJPS/cioj
Malware Config (none extracted for this sample)
Signatures (none listed in this report; no hits is not a clean verdict — see the import-level notes below before classifying)
Files
-
c5c8c8a731d66bf756fa078c9576ab494b701af55bbe8e311a1f9c7606ef451d.exe windows x86
d6228de4a79d9e05e709b790919ee36c (32-hex digest that differs from the file MD5 above — presumably the import hash / imphash; confirm against the source report before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
adsapi32 (vendor DLL, not a Windows system library — the DRV_* exports below are a data-acquisition driver API; the binary will not load on a host without it, and the DLL resolves via normal search order)
DRV_DeviceGetList
DRV_GetErrorMessage
DRV_DeviceGetNumOfList
DRV_MAIConfig
DRV_DeviceClose
DRV_DeviceGetFeatures
DRV_EnableEvent
DRV_EnableSyncAO
DRV_AOConfig
DRV_AOCurrentOut
DRV_AOVoltageOut
DRV_WriteSyncAO
DRV_FAOScale
DRV_MAIVoltageIn
DRV_CheckEvent
DRV_FAICheck
DRV_ClearOverrun
DRV_FAITransfer
DRV_FAIStop
DRV_FAOLoad
DRV_FAOCheck
DRV_FAOStop
DRV_DioReadBit
DRV_DioReadPortByte
DRV_EnableEventEx
DRV_FDITransfer
DRV_DioWriteBit
DRV_DioWritePortByte
DRV_DioSetPortMode
DRV_DioGetConfig
DRV_DeviceOpen
DRV_FAIIntScanStart
DRV_FAOIntStart
usb7660 (vendor DLL, not a Windows system library — ZT7660_* exports for a USB DAQ card; same loading caveat as adsapi32)
ZT7660_AIonce
ZT7660_OpenDevice
ZT7660_CloseDevice
ZT7660_AIFifoEx
ZT7660_GetSFifoDataCnt
ZT7660_AIinit
ZT7660_ClearFifo
ZT7660_ADstop
ZT7660_GetLastErr
ZT7660_ClearLastErr
ZT7660_DOAll
ZT7660_DOBit
ZT7660_DIAll
ZT7660_DIBit
ZT7660_AOonce
ZT7660_GetCardCount
libhpdf (Haru free PDF library, third-party — HPDF_* exports; note HPDF_SaveToFile writes a PDF to disk)
HPDF_Free
HPDF_GetFont
HPDF_UseCNSEncodings
HPDF_UseCNSFonts
HPDF_SetPageMode
HPDF_SetCompressionMode
HPDF_New
HPDF_Page_SetRGBFill
HPDF_Page_Stroke
HPDF_Page_LineTo
HPDF_Page_MoveTo
HPDF_Page_SetLineWidth
HPDF_Page_GetWidth
HPDF_Page_TextOut
HPDF_Page_EndText
HPDF_Page_ShowText
HPDF_Page_MoveTextPos
HPDF_Page_GetHeight
HPDF_Page_BeginText
HPDF_Page_SetFontAndSize
HPDF_Page_SetSize
HPDF_AddPage
HPDF_SaveToFile
mfc42d (DEBUG build of MFC 4.2 — the trailing "d" is the debug variant, which is not normally redistributed; together with msvcrtd/mfco42d below this indicates a developer/debug build rather than a release binary; imports are by ordinal only)
ord3144
ord3142
ord2431
ord3367
ord3784
ord3657
ord2021
ord1285
ord4492
ord2986
ord706
ord528
ord728
ord1862
ord2052
ord586
ord559
ord680
ord618
ord565
ord684
ord485
ord734
ord574
ord2936
ord643
ord721
ord1042
ord4264
ord5093
ord3382
ord2419
ord797
ord803
ord1996
ord1122
ord1041
ord1264
ord714
ord4256
ord5084
ord3403
ord4403
ord487
ord590
ord1510
ord4123
ord880
ord342
ord4195
ord3629
ord3948
ord4017
ord3831
ord4753
ord3362
ord1364
ord3651
ord4176
ord1781
ord4118
ord5076
ord3618
ord4208
ord2078
ord1310
ord3069
ord3944
ord3670
ord2076
ord1566
ord5078
ord3002
ord4064
ord1344
ord4191
ord1830
ord1631
ord4205
ord3786
ord3658
ord1952
ord1228
ord2875
ord317
ord1857
ord3524
ord901
ord3432
ord1087
ord736
ord492
ord478
ord306
ord381
ord335
ord299
ord1756
ord1772
ord1771
ord1766
ord1757
ord1179
ord3517
ord4934
ord2634
ord2351
ord2383
ord4951
ord1021
ord4615
ord4653
ord450
ord4676
ord1212
ord3355
ord3447
ord3070
ord4053
ord3960
ord646
ord1906
ord3201
ord5072
ord2324
ord454
ord4475
ord2993
ord413
ord3365
ord4566
ord3697
ord418
ord5056
ord1373
ord644
ord411
ord554
ord1509
ord290
ord1136
ord3717
ord685
ord2147
ord2168
ord1019
ord851
ord3042
ord4390
ord493
ord4616
ord1812
ord2353
ord4832
ord3013
ord2435
ord3573
ord4036
ord3845
ord822
ord4061
ord4341
ord812
ord985
ord4316
ord5015
ord2127
ord4405
ord2640
ord2129
ord4896
ord3400
ord3637
ord813
ord824
ord486
ord2255
ord3483
ord765
ord758
ord788
ord1860
ord2068
ord410
ord4756
ord1365
ord4216
ord2024
ord1288
ord5019
ord2130
ord903
ord560
ord4512
ord4849
ord300
ord3555
ord3877
ord945
ord5018
ord4720
ord3286
ord823
ord5016
ord2619
ord1767
ord1795
ord2592
ord2548
ord2747
ord3024
ord2593
ord4330
ord986
ord2250
ord2137
ord2361
ord1024
ord2728
ord2549
ord4327
ord3143
ord2725
ord3177
ord507
ord3110
ord4338
ord1805
ord3276
ord1446
ord4268
ord1048
ord770
ord793
ord2044
ord4302
ord2291
ord2790
ord4311
ord2719
ord2561
ord2799
ord1863
ord343
ord683
ord1523
ord899
ord5103
ord4125
ord484
ord4443
ord4258
ord5086
ord1590
ord2989
ord709
ord422
ord533
ord3553
ord3690
ord4303
ord2123
ord2409
ord2687
ord319
ord3416
ord3571
ord768
ord755
ord791
ord774
ord556
ord573
ord1316
ord4457
ord1639
ord316
ord3421
ord293
ord717
ord2716
ord1494
ord3317
ord341
ord4853
ord4447
ord766
ord789
ord3481
ord593
ord2492
ord3338
ord2142
ord2133
ord345
ord850
ord1993
ord1261
ord2928
ord612
ord632
ord470
ord374
ord474
ord398
ord3226
ord3097
ord1930
ord2108
ord1893
ord1896
ord1934
ord877
ord648
ord3415
ord3570
ord4460
ord415
ord449
ord2209
ord2208
ord562
ord2771
ord4462
ord302
ord1098
ord1809
ord981
ord1078
ord4557
ord1602
ord2676
ord3561
ord2677
ord3068
ord2674
ord2673
ord1879
ord304
ord596
ord558
ord1799
ord2120
ord296
ord1661
ord349
ord1714
ord417
ord1638
ord2179
ord4997
ord2808
ord1787
ord943
ord483
ord2170
ord739
ord511
ord3640
ord2863
ord4933
ord3563
ord1586
ord3599
ord3171
ord3592
ord2659
ord2517
ord3174
ord4291
ord4586
ord3867
ord3870
ord3889
ord1745
ord2085
ord711
ord4317
ord4830
ord4103
ord3006
ord3010
ord3991
ord1826
ord5011
ord1504
ord1721
ord3309
ord3862
ord1801
ord1547
ord3642
ord2869
ord3598
ord4283
ord4458
ord2595
ord4703
ord4710
ord1588
ord2329
ord1861
ord305
ord3848
ord1774
ord3392
ord1775
ord4655
ord2434
ord1902
ord2256
ord3646
ord2915
ord619
ord382
ord3531
ord2333
ord3065
ord2513
ord2589
ord2610
ord4432
ord2337
ord4231
ord2365
ord3130
ord3213
ord2597
ord2991
ord3281
ord3821
ord3892
ord1790
ord2885
ord1595
ord4837
ord1880
ord3702
ord5077
ord3552
ord719
ord730
ord3803
ord2339
ord2432
ord2341
ord2585
ord2473
ord3691
ord2584
ord2481
ord2340
ord4408
ord4215
ord4239
ord3826
ord3366
ord2104
ord4229
ord4227
ord2661
ord1789
ord4130
ord1033
ord3231
ord2406
ord4415
ord1190
ord772
ord1100
msvcrtd (DEBUG CRT; _chkesp below is emitted only by debug /GZ builds, and _except_handler3 is the older VC6-era SEH handler without the _except_handler4 cookie check)
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_adjust_fdiv
sqrt
fabs
acos
cos
abs
strcpy
atof
_ftol
pow
rand
atoi
memset
_setmbcp
__p__commode
__p__fmode
__set_app_type
sin
_controlfp
_chkesp
__CxxFrameHandler
memcpy
kernel32 (note: CreateProcessA + CreatePipe + ReadFile + WaitForSingleObject together is the usual pattern for spawning a child process and reading its output; LoadLibraryA/GetProcAddress mean additional APIs may be resolved at runtime and will not appear in this import table; FindResourceA/LoadResource/LockResource read from the 688KB .rsrc section)
TerminateThread
GetExitCodeThread
ReadFile
WaitForSingleObject
CreateProcessA
GetStartupInfoA
CreatePipe
CreateThread
Sleep
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalLock
GlobalFree
GlobalUnlock
GlobalAlloc
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
FreeResource
LockResource
LoadResource
FindResourceA
GlobalReAlloc
lstrcpyA
GetWindowsDirectoryA
GetModuleHandleA
CloseHandle
GetModuleFileNameA
user32
MessageBoxA
SystemParametersInfoA
PtInRect
GetKeyState
GetWindowLongA
GetCursorPos
DrawTextA
PeekMessageA
TranslateMessage
DispatchMessageA
GetAsyncKeyState
GetSysColor
GetSystemMetrics
ReleaseCapture
SendMessageA
gdi32
CreateRectRgn
GetStockObject
PtInRegion
SelectClipRgn
SetBkMode
SelectObject
GetTextMetricsA
SetTextColor
SetTextAlign
TextOutA
FillRgn
CombineRgn
GetRgnBox
OffsetRgn
GetObjectA
DeleteObject
CreateSolidBrush
CreateFontIndirectA
mfco42d (DEBUG build of the MFC OLE support library; imports by ordinal only)
ord1055
ord614
ord375
ord798
Sections
.text Size: 2.0MB - Virtual size: 2.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 84KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 10KB (mapped read+write per the flags below, as older MSVC linkers do — the import table pages stay writable at runtime)
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 688KB - Virtual size: 685KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 56KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ